With XP no longer supported by Microsoft, and all healthcare facilities moving to electronic medical records (EMRs) and worrying about being HIPAA compliant, it was time to update all the machines in this dental office.

If you are happy to plug her machine into the network (i.e. sure about AV etc.) then there is no need to add it to the domain - simply create a user account for her. When she tries to connect to a network share it will ask for a username/password, and then allow her access (we put shortcuts on the desktop to the correct shares to make it easier). Printers are a little more tricky if you want to make them stay, ... create a dummy user account whose password will not change, reboot her laptop, connect to a network printer (i.e. Start, Run, \\server\hplj3005) and use this user account/password. You only need the laptop in the domain if you want to manage the machine.

9 Replies

As a manager of the IT infrastructure and environment of where I am now, I'd also go a little further and insist that before that machine comes onto "my" network, I remove the installed AV and install the corporate version (so the laptop is in line with the other machines) and also run some sweeps and checks to make sure the system is clean and healthy.

If they have bought a home user type laptop you're unlikely to be able to add it to the domain as it will most likely have XP or Vista Home.

I don't replace their own AV as it would cost me but I do insist and make sure it's kept up to date. I'll also scan it with another product before allowing access. Don't forget to check the firewall setup too.

For ease of use for networked applications it's hard to beat Terminal Services, if you have a TS server available. Set up the user as a normal domain user but then just get them to use TS for everything domain related. Of course the beauty of this is that remote access (via VPN for example) will give them exactly what they get when in the office. This approach means little intervention with their laptop as you don't want to have to maintain that.

I come from the nasty side and would have to say no. There could be all sorts of nasties on there, and giving domain access could let them spread.

The user could easily work using pen drives to another computer. Also, couldn't the business buy the user a business-linked laptop? Or is this a school?

If it were a school (previous job as IT network admin) I would definitely say no - the students are all too happy to muck about on the network - and could easily start playing with John the Ripper or similar.

The only things allowed on this business network are business devices.

I had this exact question about 6 months ago. In the end I had to say no to people using personal laptops on my corporate network. This wasn't because of anything technical, mostly legal. There were three big issues that really set this.

First was the virus and malware issue. I had no authority to make sure the system was kept current after I gave them access to the network. It is one thing to know they have it current when you set them up, but if they don't keep it current it is useless.

Second was more for data protection. What happens if the person quits and walks out the door with their personal system? What legal steps would we need to take to get the data back? Related to this, if I do a backup of the system and they have illegal or unlicensed software on the system, now I have compliance issues with illegal software in my backup tapes.

Lastly, who is responsible if the system gets damaged or stolen when she is using it at work? Is the company responsible to replace or pay for repairs to a non-company system?